From b2e1e541bf04fa91d1658f9e03a15bcb990eee3d Mon Sep 17 00:00:00 2001
From: infohash <46137868+infohash@users.noreply.github.com>
Date: Sat, 12 Aug 2023 20:10:00 +0530
Subject: [PATCH] Only load provider metadata when not using dynamic discovery (#166)

Fixes #164
---
 src/flask_pyoidc/pyoidc_facade.py | 6 ++++--
 tests/test_pyoidc_facade.py | 19 +++++++++++++++++++
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/src/flask_pyoidc/pyoidc_facade.py b/src/flask_pyoidc/pyoidc_facade.py
index cbeb16e..4c7db66 100644
--- a/src/flask_pyoidc/pyoidc_facade.py
+++ b/src/flask_pyoidc/pyoidc_facade.py
@@ -39,8 +39,10 @@ def __init__(self, provider_configuration, redirect_uri):
 settings=self._provider_configuration.client_settings)
 provider_metadata = provider_configuration.ensure_provider_metadata(self._client)
- self._client.handle_provider_config(ProviderConfigurationResponse(**provider_metadata.to_dict()),
- provider_metadata['issuer'])
+ # Should be called explicitly for "Static Provider Registration" to register the issuer.
+ if not self._client.issuer:
+ self._client.handle_provider_config(ProviderConfigurationResponse(**provider_metadata.to_dict()),
+ provider_metadata['issuer'])
 if self._provider_configuration.registered_client_metadata:
 client_metadata = self._provider_configuration.registered_client_metadata.to_dict()
diff --git a/tests/test_pyoidc_facade.py b/tests/test_pyoidc_facade.py
index 77e8804..f55c71b 100644
--- a/tests/test_pyoidc_facade.py
+++ b/tests/test_pyoidc_facade.py
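Review bot: The new guard in `__init__` of `src/flask_pyoidc/pyoidc_facade.py` infers that dynamic discovery already ran from `self._client.issuer` being truthy, which depends on a side effect of `ensure_provider_metadata(self._client)` that is not visible in this hunk. If the client could ever carry an issuer without its provider configuration loaded, `handle_provider_config` would be skipped and the endpoints and `jwks_uri` the client later relies on would be missing, so the invariant is worth stating at the check. I would reword the added comment to something like `# ensure_provider_metadata() loads the provider config into the client (and sets client.issuer) when it performs discovery; only statically supplied metadata still needs loading here.`, after confirming that against `ensure_provider_metadata`. The body of `__init__` starts and ends outside the hunk.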
@@ -25,6 +25,25 @@ class TestPyoidcFacade:
 jwks_uri=PROVIDER_BASEURL + '/jwks')
 CLIENT_METADATA = ClientMetadata('client1', 'secret1')
+ @pytest.mark.parametrize('provider_config', [
+ {'issuer': PROVIDER_BASEURL, 'client_registration_info': ClientRegistrationInfo()},
+ {'provider_metadata': PROVIDER_METADATA, 'client_metadata': CLIENT_METADATA}
+ ])
+ @responses.activate
+ def test_should_handle_provider_config_with_static_and_dynamic_provider(self, provider_config):
+ provider_metadata = {
+ 'issuer': self.PROVIDER_BASEURL,
+ 'authorization_endpoint': self.PROVIDER_BASEURL + '/auth',
+ 'jwks_uri': self.PROVIDER_BASEURL + '/jwks'
+ }
+ responses.add(responses.GET,
+ self.PROVIDER_BASEURL + '/.well-known/openid-configuration',
+ json=provider_metadata)
+
+ config = ProviderConfiguration(**provider_config)
+ facade = PyoidcFacade(config, REDIRECT_URI)
+ assert facade._client.issuer == self.PROVIDER_BASEURL
+
 def test_registered_client_metadata_is_forwarded_to_pyoidc(self):
 config = ProviderConfiguration(provider_metadata=self.PROVIDER_METADATA, client_metadata=self.CLIENT_METADATA)
 facade = PyoidcFacade(config, REDIRECT_URI)
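Review bot: The only assertion in `test_should_handle_provider_config_with_static_and_dynamic_provider` is on `facade._client.issuer`, so the test does not show that the provider configuration itself reached the client in the static case, or that discovery ran only in the dynamic case. Since the endpoints and `jwks_uri` are what the client uses afterwards, I would also check one loaded field, e.g. `assert facade._client.authorization_endpoint == self.PROVIDER_BASEURL + '/auth'`, assuming `PROVIDER_METADATA` (defined above the hunk) uses the same endpoint. Passing `ids=['dynamic', 'static']` to `parametrize` would make a failure name the mode that broke.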